feat: variable ACME_HTTP_CHALLENGE_LOCATION (#2468)

Values: * `legacy` (default): generate location blocks for ACME HTP Challenge excepted when `HTTPS_METHOD=noredirect` or there is no certificate for the domain * `true`: generate location blocks for ACME HTP Challenge in all cases * `false`: do not generate location blocks for ACME HTP Challenge This feature is currently needed because acme-companion may generate the HTTP Challenge configuration while it was done already by nginx-proxy (see #2465#issuecomment-2136361373). Also sometimes a hardcoded ACME challenge location is not wanted because the challenge validation is not done with acme-companion / Let's Encrypt, and with a challenge location setup differently.
2025-07-01 14:25:46 +00:00 · 2024-05-31 00:10:44 +02:00
parent e904471cd3
commit 9cf736f1f8
12 changed files with 312 additions and 3 deletions
--- a/test/test_ssl/test_noredirect.py
+++ b/test/test_ssl/test_noredirect.py
@ -19,9 +19,9 @@ def test_web2_HSTS_policy_is_inactive(docker_compose, nginxproxy):
    assert "Strict-Transport-Security" not in r.headers


-def test_web3_acme_challenge_does_work(docker_compose, nginxproxy, acme_challenge_path):
+def test_web3_acme_challenge_does_not_work(docker_compose, nginxproxy, acme_challenge_path):
    r = nginxproxy.get(
        f"http://web3.nginx-proxy.tld/{acme_challenge_path}",
        allow_redirects=False
    )
-    assert r.status_code == 200
+    assert r.status_code == 404